Re: Transparent Data Encryption (TDE) and encrypted files - Mailing list pgsql-hackers

From Robert Haas
Subject Re: Transparent Data Encryption (TDE) and encrypted files
Date
Msg-id CA+TgmobOreT=W=wxJW20KuxVnLzqEBQ_mXQAfE_QTmSWORCueQ@mail.gmail.com
Whole thread Raw
In response to Transparent Data Encryption (TDE) and encrypted files  (Bruce Momjian <bruce@momjian.us>)
Responses Re: Transparent Data Encryption (TDE) and encrypted files
List pgsql-hackers
On Mon, Sep 30, 2019 at 5:26 PM Bruce Momjian <bruce@momjian.us> wrote:
> For full-cluster Transparent Data Encryption (TDE), the current plan is
> to encrypt all heap and index files, WAL, and all pgsql_tmp (work_mem
> overflow).  The plan is:
>
>         https://wiki.postgresql.org/wiki/Transparent_Data_Encryption#TODO_for_Full-Cluster_Encryption
>
> We don't see much value to encrypting vm, fsm, pg_xact, pg_multixact, or
> other files.  Is that correct?  Do any other PGDATA files contain user
> data?

As others have said, that sounds wrong to me.  I think you need to
encrypt everything.

I'm not sold on the comments that have been made about encrypting the
server log. I agree that could leak data, but that seems like somebody
else's problem: the log files aren't really under PostgreSQL's
management in the same way as pg_clog is. If you want to secure your
logs, send them to syslog and configure it to do whatever you need.

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company



pgsql-hackers by date:

Previous
From: Robert Haas
Date:
Subject: Re: Value of Transparent Data Encryption (TDE)
Next
From: Stephen Frost
Date:
Subject: Re: Transparent Data Encryption (TDE) and encrypted files